Forbidden 403 error in Spring Boot when I try to access the web app (index.html) or ReactJS app

ocebsuys posted on 2023-05-17 in React

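I have a Spring Boot application, and I added an index.html file to the 'src/main/resources/static' folder of the Spring Boot application so that I can access the web page when the Spring Boot server is running. This works fine in another Spring Boot application that has no Spring web security set up. But as soon as I added the Spring web security configuration, I only get a 403 Forbidden error. Online I found that I should add ".csrf().disable()" to my configuration, but it did not work. I tried to access localhost:8080, but all in vain. Spring Security is needed to protect the REST API from unauthenticated users. Here is my Spring Security configuration.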

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecuritySettings extends WebSecurityConfigurerAdapter {
    @Autowired
    private final UserDetailsService userService;

    @Autowired
    private JwtFilter jwtFilter;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService);
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        // enable cors and disable csrf tokens(only required in mvc not in rest)
        http = http.cors().and().csrf().disable();

        // disable session management immediately since we are using jwt tokens.
        // the server doesn't need to persist the currently logged-in user
        http = http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and();
        // configure your authorisation from here
        http.authorizeRequests()
               //.antMatchers("/**").permitAll() // for the default landing page
                .antMatchers("/api/accounts/create-user").authenticated()
                .antMatchers("/api/accounts/me").authenticated()
                .antMatchers("/api/payments").hasAuthority("client")

I also tried rendering the page through a controller, as others suggested, but it was all in vain.

@Controller
public class IndexController {

    @RequestMapping("/")
    public String renderLandingPage(){
        return "Welcome to the servspace";
    }

}

This is the error I get

wljmcqd8 #1

You still need .antMatchers("/**").permitAll(), but it needs to go at the end, because it is the most generic:

http.authorizeRequests()
            .antMatchers("/api/accounts/create-user").authenticated()
            .antMatchers("/api/accounts/me").authenticated()
            .antMatchers("/api/payments").hasAuthority("client")
            .antMatchers("/**").permitAll() // for the default landing page
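
A stricter variant of the same ordering, added here as an example and not part of the answer above: rules are still listed from most specific to most general, but only the landing page and its assets are public, and any path that is not listed is refused rather than permitted. The class name and the asset paths (a typical React build layout) are assumptions, and registration of the question's JwtFilter is left out because the page does not show it.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

// Hypothetical class name; same Spring Security 5.x adapter style as the question.
// It stands in for the configure(HttpSecurity) method of SecuritySettings.
@Configuration
@EnableWebSecurity
public class LandingPageSecuritySettings extends WebSecurityConfigurerAdapter {

    // Assumed layout of a React build copied into src/main/resources/static.
    private static final String[] PUBLIC_GET = {
        "/", "/index.html", "/favicon.ico", "/manifest.json", "/static/**"
    };

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Same CORS, CSRF and stateless-session settings as the question.
        http.cors().and().csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // Matchers are evaluated top to bottom and the first match decides,
        // so specific rules come first and the broadest rule comes last.
        http.authorizeRequests()
            .antMatchers("/api/payments").hasAuthority("client")
            // Covers create-user, me and any API path added later.
            .antMatchers("/api/**").authenticated()
            // Only the landing page and its assets are public, and only for GET.
            .antMatchers(HttpMethod.GET, PUBLIC_GET).permitAll()
            // Anything not matched above is refused instead of being public.
            .anyRequest().denyAll();
    }
}
```

Client-side routes that the React app expects the server to answer with index.html would have to be added to PUBLIC_GET, otherwise the final denyAll() rule rejects them.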
